Home / Vulnerability Intelligence / CVE-2026-25085

CVE-2026-25085 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: February 27, 2026

Copeland XWEB Pro - Authentication Bypass

Published: February 27, 2026Updated: February 27, 2026Remote Exploitable

Overview

Copeland XWEB Pro <= 1.12.1 contains an authentication bypass caused by unexpected return value processing in the authentication routine, letting attackers bypass authentication, exploit requires crafted authentication attempts.

Severity & Score

Severity: High

CVSS Score: 8.6

EPSS Score: 6.6%(Probability of exploitation in next 30 days)

Impact

Attackers can bypass authentication, gaining unauthorized access to the system.

Mitigation

Update to the latest version beyond 1.12.1.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 27, 2026

🟠 CVE-2026-25085 - High (8.6) A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25085/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-25085
Severity: High
CVSS Score: 8.6
Type: broken_authentication
Status: unconfirmed
EPSS: 6.6%
Social Posts: 1

CWE

CWE-394

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

EPSS Score

6.6%Probability of exploitation in the next 30 days